Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Description to Role Assignment

    Add descriptions to Role assignment when value must be specified that shows up when assigning the blueprint to an Subscription.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  2. Blueprints for Resource Groups

    I would love to have the blueprints for resource groups as well.

    To quote from your documentation:

    'With Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved tracking and auditing of deployments. Blueprints can also upgrade several subscriptions at once that are governed by the same blueprint.'

    Replace "subscription" with "resource group" in the text above and there you have my request. :)

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  3. Get policy state return all objects

    When getting policy state it only returns non-compliant objects. If the results returned all objects it would be easier to get an overview of compliance status for the environment.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  4. Azure Resource Graph service

    Allow Azure Resource Graph service output to be stored in Azure blob storage automatically based on time

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  5. Include core counts for VMs for the purpose of cross-joins with other data

    It would be great to have some of other meta data exposed within Resource Graph. More specifically a way to get the number of cores that a VM size has. This would be valuable for queries to show the total number of cores that are used. Right now, we have to export out the results of the Resource Graph and convert the VM SKU to the number of cores outside of Resource Graph. Having it within the Resource Graph would allow us to do joins within our queries to get a single report with all of the information that we…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  6. Create AAD Groups with Blueprints

    How about an ability to add AAD users or groups to the current AAD tenant with Blueprints? Blueprints are currently aimed at subscription level, but how about extending this to the whole tenant?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support GraphQL as an alternative to Kusto

    Lots of work being done in GraphQL that are well aligned w what is done via Kusto and gets to a more common language and structure. Agreed gql is more complex than Kusto, but be helpful.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  8. Report and present Azure metrics queries

    Azure documentation here: https://azure.microsoft.com/en-us/pricing/details/monitor/ under the section metrics mention that metrics queries above 1 million queries per month would be charged on the subscription. It would be good to have this data presented on the Azure portal to set up alerts and throttle the additional requests if needed.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Create a property/alias that can be used in a policy to deny deployment of VM that is acceleratednetworking capable but not enabled.

    Create a property/alias that can be used in a policy to deny deployment of VM that is acceleratednetworking capable but not enabled. This is not currently possible. Ideally, this property/alias would live under Compute.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Granular locking of resources.

    Need the ability to have more granular locking of resources. Specifically being able to lock a VNET/subnet, but allow creation of NICs on the subnet so that users can attach to the subnet, but not modify an VNET/subnet configuration.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  11. Azure Blueprints loose blueprint level dependencies when edited in UI

    This is a bug... when you set up dependencies in blueprint.json they are removed if you subsequently edit the blueprint in the UI.

    1. Create blueprint in UI
    2. Export with AzBlueprint, set up dependencies and import
    3. Export again, dependecies are still there
    4. Edit in UI
    5. Export, dependencies are gone

    The dependency management is not a great experience at the moment, it needs to be visible in the UI, also, I the documentation should be updated to clearly state if you can make one resource group dependent on another rather than making them dependent on artifacts in…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  12. Resource Graph - support for Microsoft.Sql/servers/encryptionProtector

    Support for subtype Microsoft.Sql/servers/encryptionProtector will enable us to query TDE configuration such as Microsoft managed vs. customer managed and Azure KeyVault configurations

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow customer to use Terraform or ARM Templates with Blueprints

    Most of my customers are using Terraform to deploy resources to Azure. Extend Blueprints to accept a .tf script as an artifact.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  14. Easily navigate between Policy Definitions and Assignments

    In the portal, I cannot easily navigate between policy definitions and assignments. Examples:

    -From a policy definition, show me all assignments of this definition
    -From a policy assignment, show me the definition

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  15. View changes across all resources

    Ability to see which Azure resources changed over a time period

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  16. Fix Azure Policy avoidance with NSG deployments.

    Deny Policies that deny NSG rules to be created are not evaluated by Azure Policy when deployed through VM deployments.

    https://github.com/Azure/azure-policy/issues/305

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow adding Azure Policy initiative parameters later on (after you've saved and closed out of it)

    Presently you can only add initiative parameters upon first creation of the initiative. Once you save it and go back in to edit you can no longer add parameters. This is very inflexible and requires you to know everything you want in the initiative up front.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing backlog and also gives us insight into the potential impact of implementing the suggested feature.

  18. PCI DSS 3.2.1 BluePrint

    1- After creating a blueprint by using the new PCI DSS 3.2.1 one, I've seen that the it has only the following which I believe is not the complete list. Is this an issue or it's due to being still Preview?
    *Deploy Threat Detection on SQL servers
    *Require encryption on Data Lake Store accounts
    *Allowed locations
    *Deploy Auditing on SQL servers
    *Deploy SQL DB transparent data encryption
    *Allowed locations for resource groups

    2- Will this blueprint provide guidence on what Azure Resources should used for PCI DSS Compliance? As an example the previous blueprints page was stating that ASE (App…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  19. Azure Policy - Need a policy alias for Microsoft.RecoveryServices/vaults/monitoringConfigurations

    In order to create an azure policy that audits recovery vaults that do not have backup alerts enabled, there should be an alias for the monitoringConfigurations property.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add Meter Category/Service Name in resource graph

    The category type Meter category, which is available at billing modul is not available at resource graph.
    It is only the resource type category available, that is not the same as meter category.
    So it is not possible to make billing queries in billing modul and compare this with counts from resources in resource graph.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base